As artificial intelligence rapidly reshapes nearly every sector of society, it’s also transforming one of the most dangerous frontiers: cybercrime.
That was the stark warning from Pat McFadden, Britain’s Chancellor of the Duchy of Lancaster, who took to the stage at the National Cyber Security Centre’s (NCSC) CyberUK 2025 conference in Manchester with a message that pulled no punches.
“Cybersecurity is no longer a luxury, it’s a necessity,” McFadden declared, referencing a newly declassified intelligence assessment that paints a concerning picture of Britain’s digital vulnerability.
At the heart of the concern is the double-edged sword of AI: while it offers powerful new tools for defenders, it also gives cybercriminals unprecedented capabilities.
The warning comes on the heels of a wave of high-profile ransomware attacks that have rattled major UK retailers.
In just the last three weeks, operations at Marks & Spencer, the Co-op Group, and Harrods were disrupted, Marks & Spencer being hit the hardest, with online clothing orders still suspended three weeks on.
The estimated cost to the retailer? A staggering £30 million in lost profits, and counting.
These incidents are not isolated blips. According to the NCSC, Britain faced nearly 2,000 cyberattacks in 2024 alone. Of those, 90 were considered “significant,” and 12 reached the “highest severity” tier, a category reserved for attacks with national or systemic implications.
That’s triple the number of severe cases from just the year before.
“The scale and sophistication of these attacks have grown rapidly, and AI is accelerating that curve,” said Richard Horne, the newly appointed CEO of the NCSC.
“We’re seeing adversaries adopt AI to improve their phishing tactics, deploy malware more effectively, and even impersonate trusted voices with alarming accuracy.”
AI’s role in cybercrime is evolving fast. On one hand, it allows criminals to automate and fine-tune their operations, making it easier to target victims en masse with tailored phishing emails or undetectable malware.
On the other hand, it’s becoming an essential tool for defense, helping cybersecurity teams detect intrusions faster, predict threats, and analyze patterns that human analysts might miss.
But not every organization is keeping pace. The NCSC has expressed concern over a growing “digital divide” between businesses with the resources and expertise to deploy AI defensively, and those left behind. This gap, experts warn, could make the entire ecosystem more vulnerable.
To address this rising threat, the government is rolling out the Cyber Security and Resilience Bill, a major legislative effort aimed at toughening up digital defenses across the board. Under the new bill:
The Technology Secretary will have the authority to require regulated organizations to upgrade their cyber defenses.
Over 1,000 private IT providers will face new obligations to improve the security of their data and networks.
Companies will be required to report more cyber incidents to the NCSC, creating a clearer picture of threat activity across sectors.
Additionally, a new national cybersecurity strategy will be released later this year, designed to align Britain’s defenses with the rapidly evolving capabilities of AI-enabled adversaries.
While many in the industry welcome these steps, some critics warn they could hit smaller businesses the hardest. “Compliance can be costly,” said Emma Sharif, a cybersecurity consultant working with SMEs. “We need to make sure we’re not creating barriers to innovation by piling on requirements without adequate support.
The financial incentives behind ransomware attacks remain powerful. Criminal groups, many operating from overseas, use “ransomware-as-a-service” platforms like DragonForce, enabling even low-skill hackers to rent out malicious tools and demand cryptocurrency ransoms for unlocking encrypted systems.
Groups like Scattered Spider, believed to be behind some of the recent UK attacks, operate across borders and are notoriously difficult to prosecute. “We’re dealing with a global criminal enterprise,” McFadden noted, stressing the need for stronger international cooperation.
Britain is already investing in that front. The government has pledged £8 million to bolster Ukraine’s cyber defenses—a country frequently targeted by state-sponsored hackers—and an additional £7 million into AI security research. These moves reflect growing recognition that cyber threats often transcend national boundaries.
Cyber essentials and the push for resilience
As part of its domestic strategy, the government is ramping up support for initiatives like the Cyber Essentials scheme, a program that helps organizations implement basic but effective cybersecurity practices. According to the NCSC, firms that adhere to the scheme are 92% less likely to make insurance claims following cyberattacks.
There’s also a new Cyber Governance Code of Practice, aimed at helping company boards take a more active role in managing digital risk, an area that has traditionally lagged behind other corporate governance priorities.
“Boards need to understand that cybersecurity is not just an IT issue, it’s a business risk,” said Horne. “We’re moving towards a future where paying ransoms will no longer be viable, and resilience will be the only option.”
Amid the challenges, there’s a silver lining for regional growth. The North West is emerging as a national cybersecurity hub, thanks in part to the National Cyber Force headquarters in Lancashire and significant public and private investment. The region now hosts 8% of the UK’s cybersecurity firms and 10% of its cybersecurity workforce, contributing to an industry that employs 67,000 people and generates £13 billion annually
As AI continues to reshape how we live, work, and defend ourselves, the threats posed by its misuse are escalating.
The government’s legislative response, combined with strategic investments and international partnerships, signals a proactive approach.
But success will depend on collaboration, between government, businesses, researchers, and allies abroad.
“Cybersecurity is no longer a niche concern,” said McFadden. “It’s central to our economic prosperity and national security. We can’t afford to fall behind.”
–
